Hi,I solved by using filtering at DNS level. In particular, I'm using openDNS free service https://www.opendns.com/home-internet-security/ that allows fine-grade blocking or preconfigured filtering at DNS level without any fee.On the ZD you have only to change the DNS IP to 208.67.222.222 208.67.220.220Best Regards

IF these feature is included than it would be surely of a great sell value . BUt than it will increase complications in the device and Ruckus would need additional expertise for the Firewall Features . this could change the focus form Wifi . Hence I feel that Ruckus should continue to do its work on Wifi only .

Hi,I solved by using filtering at DNS level. In particular, I'm using openDNS free service https://www.opendns.com/home-internet-security/ that allows fine-grade blocking or preconfigured filtering at DNS level without any fee.On the ZD you have only to change the DNS to 208.67.222.222 208.67.220.220Best Regards

Hi,as I said in a previous post, I solved by using filtering at DNS level. In particular, I'm using openDNS free service https://www.opendns.com/home-internet-security/ that allows fine-grade blocking or preconfigured filtering at DNS level without any fee.On the ZD you have only to change the DNS to 208.67.222.222 208.67.220.220If you do not have a firewall this is simple and cheap solution. Moreover, you can set the same DNS on the DHCP of wired network.

... which is a very basic solution. If a client/student is so intelligent to set his DNS server to e.g. 8.8.8.8 (google public dns) your restriction is circumvented. And my students are a lot smarter than that :). Btw. every proxy application will still work.

Yes it is a very basic solution, but it is free and it works while the access control of ruckus does not work.In our school we have wired and wireless devices for which you need administrator privileges in order to change network setting (and this should be the standard).Your point is right for mobile devices owned by the students, however they still need to set static IP and DNS. I bet that less than 20% of them are able to do this.If you know any other free solution, please let me know.

But like Tuananh said: we're talking about 300-4000€/$ (depending on size). In my opinion a good (e.g. Cisco, Fortinet, PaloAlto) firewall is more importand than an additional AP for greater WiFi coverage.

"I bet that less than 20% of them are able to do this" You are correct, but those students will tell the other 80% for sure. And everybody can google: "circumvent firewall" and will get a proxy as a suggestion. Therefore those basic countermeasures are maybe suited for primary but certainly not for secondary education!

Thank you for the links. I will take a look in particular at pfSense.Yes if you have money and you can afford such cost, it would be perfect a dedicated hardware solution.I do not agree with you about circumvent solutions. Yes you can use a proxy or VPN or maybe you can also use TOR. The problem of all of these solutions is that the majority of app and website does not work with them so they are dummy solutions not real ones.

I think you never really used a web-proxy, did you? Because nearly all web proxy are able to hande facebook and youtube and that's what students want to use (and you want to block). Just try google and you'll see.And again: if you are able to buy ruckus, why not a proper firewall?

Hi,maybe you did not read my previous posts of this thread. I quote my self:

I found how to block facebook and instagram by configuring application denial policies. It is very straightforward. However, I could not block whatsapp and youtube in the same way.

So facebook and instagram are directly blocked by ruckus while youtube cannot .be blocked.For both wired and wireless devices of the school I can successfully block any kind of app and service at DNS level as explained before. In this case the users cannot change IP-DNS setting.Regarding to mobile devices, students can try any kind of solution in order to bypass DNS or firewall filtering as you said. I confirm that apps as Orbot, TOR for Android, are very slow. A very useful, free and fast VPN and web proxy service is VPNbook https://www.vpnbook.com/. However, after that I will implement all the filters, I will make some test and I will report here. As further limitation our guest wifi for students' mobile devices has very limited bandwidth.At the moment our school is out of money with respect to time in which ruckus was bought (second hand).Best Regards

Ok, you might want to keep the following things in mind for your tests (there are based on my situation):

There are proxys,which aren't blockable by dns like this web proxy http://proxydisk0.appspot.com/ . This proxy is running on google App Engine (which is also used on many many other websites) and must be blocked on URL or Application-Filter level. Other websites/proxys are running on Amazon Cloud (AWS) services which also cannot be blocked by DNS.

Some Web-Sites allow to enter their corresponding IP into the browser to open it (we thought not only about youtube, but adult/file-sharing as well). When I did my tests I think that WhatsApp was such a case.

To block torrents you need a clever firewall as torrents are usually capable of circumventing port-based or DNS-filteres firewalls (Popcorn Time!). In my country it is very popular to send out legal warnings to everyone who used torrents and each warning costs about 300$ (either you pay or you consult a lawer, which also needs money). Thereby it is not important that the full file was downloaded, even the access of one byte is "charged". And this can get expensive. Therefore one of my headmasters condition for running a WiFi for our students was that this will never happen.

When our studends learned in information science to build basic websites, at least one student per year installed a proxy on a free web hoster to prove to his classmates how dumb the admin of the network is. Actually I didn't like that :). Advanced firewalls are able to detect those custom proxys by pattern matching.